On the satisfiability problem for a 3-level 
quantified syllogistic 

Domenico Cantone and Marianna Nicolosi Asmundo 

Universita di Catania, Dipartimento di Matematica e Informatica 
email: cantone@diiii.unict.it, nicolosi@dini.unict.it 



Abstract. We show that a collection of three-sorted set-theoretic for- 
mulae, denoted 3LQS^ and which admits a restricted form of quan- 
tification over individual and set variables, has a solvable satisfiability 
^1 ' problem by proving that it enjoys a small model property, i.e., any sat- 

, isfiable 3i/(5>S^-formula iIj has a finite model whose size depends solely 

Oj' on the size of ip itself. We also introduce the sublanguages (SLQS^)'^ of 

3LQS^, whose formulae are characterized by having quantifier prefixes 



m 

o 



< 



of length bounded by ft > 2 and some other syntactic constraints, and 
OO ' we prove that each of them has the satisfiability problem NP-complete. 

Then, we show that the modal logic S5 can be formalized in {3LQS^)^. 
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Computable set theory is a research field active since the late seventies. Its initial 
goal was the design of effective decision procedures to be implemented in theorem 
provers/verifiers, for larger and larger collections of set-theoretic formulae (also 
called syllogistics) . During the years, hovifever, due to the production of several 
decidability results of a purely theoretical nature the main emphasis shifted to 
^^ I the foundational goal of narrowing the boundary between the decidable and the 

O^ ' undecidable in set theory. 

Ti^lj- I The main results in computable set theory up to 2001 have been collected 

^^ ' in |9I10] . We also mention that the most efficient decision procedures have been 

f^ I implemented in the proof verifier /Etna Nova |15ll6j and within one of versions 

of the system STeP [5]. 

The basic set-theoretic fragment is the so-called Multi-Level Syllogistic {MLS, 

K^ • for short) which involves in addition to variables varying over the von Neumann 

'j_j I universe of sets and to propositional connectives also the basic set-theoretic oper- 

C^ ■ ators such as U, fl, \, and the predicates =, G, and C. MLS was proved decidable 

in |13j and extended over the years in several ways by the introduction of various 
operators, predicates, and restricted forms of quantification. 

Most of the decidability results in computable set theory deal with one-sorted 
multi-level syllogistics, namely collections of formulae involving variables of one 
type only, ranging over the von Neumann universe of sets. On the other hand, 
few decidability results have been found for multi-sorted stratified syllogistics, 
where variables of several types are allowed. This, despite of the fact that in 



many fields of computer science and mathematics often one deals with multi- 
sorted languages. 

An efficient decision procedure for the satisfiability of the Two-Level Syllogis- 
tic language {2LS), a version of MLS with variables of two sorts for individuals 
and sets of individuals, has been presented in [T^]. Subsequently, in [S], the ex- 
tension of 2LS with the singleton operator and the Cartesian product operator 
has been proved decidable. The result has been obtained by embedding 2LS 
in the class of purely universal formulae of the elementary theory of relations. 
Tarski's and Presburger's arithmetics extended with sets have been studied in 
[7] . The three-sorted language 3LSSPU (Three-Level Syllogistic with Singleton, 
with Powerset and general Union) has been proved decidable in [B] . More specif- 
ically, 3LSSPU has three types of variables, ranging over individuals, sets of 
individuals, and collections of sets of individuals, respectively, and involves the 
singleton, powerset, and general union operators, in addition to the operators 
and predicates present in 2LS. 

In this paper we present a decidability result for the satisfiability problem 
of the set-theoretic language 3LQS (Three-Level Quantified Syllogistic with 
Restricted quantifiers), which is a three-sorted quantified syllogistic involving 
individual variables, varying over the elements of a given nonempty universe D, 
set variables, ranging over subsets of D, and collection variables, varying over 
collections of subsets of D. 

The language of 3LQS admits a restricted form of quantification over in- 
dividual and set variables. Its vocabulary contains only the predicate symbols 
= and G. In spite of that, 3LQS allows to express several constructs of set 
theory. Among them, the most comprehensive one is the set former, which in 
turn allows to express other operators like the powerset operator, the singleton 
operator, and so on. 

We will prove that 3LQS enjoys a small model property by showing how 
one can extract, out of a given model satisfying a 3LQS -formula ijj, another 
model of ip of bounded finite cardinality. The construction of the finite model is 
inspired to the algorithms described in [T^], [S], and [5]. 

Then, we introduce the sublanguages {3LQS^)'^,oi 3LQS^, consisting of 
3 LQaS' -formulae having the quantifier prefixes of size bounded hy h > 2 and 
satisfying some further syntactic constraints. It is shown that each {3LQS )^ 
has the satisfiability problem NP-complete and that {3LQS Y can express the 
normal modal logic S5. 

The paper is organized as follows. In Section [51 we introduce the language 
3LQS and we illustrate its expressiveness. Subsequently, in Section [3] the ma- 
chinery needed to prove the decidability result is provided. In particular, a gen- 
eral definition of a relativized 3LQS -interpretation is introduced, together with 
some useful technical results. In Section|4l the small model property for 3LQS 
is established, thus solving the satisfiability problem for 3LQS^. Then, in Section 
[51 after some examples illustrating the expressivity of 3LQS in set theory, we 
introduce the sublanguages {3LQS^)'^, show that they have a NP-complete sat- 



isfiability problem, and that {3LQS )"^ can express the modal logic S5. Finally, 
in Sectional we draw our conclusions. 



2 The language 3LQS^ 

We present the language 3LQS of our interest as follows. We begin by defining 
in Section 12.11 the syntax and the semantics of a more general three- level quan- 
tified language, denoted 3LQS, which contains 3LQS as a proper fragment. 
Then, in Section [221 we characterize 3LQS by means of suitable restrictions 
on the usage of quantifiers in formulae of 3LQS. 



2.1 The more general language 3LQS 

SyntEDC of 3LQS The three- level quantified language 3LQS involveqj 

(i) a collection Vo of individual or sort variables, denoted by lower case letters 

x,y,z,...; 
(ii) a collection Vi of set or sort 1 variables, denoted by final upper case letters 

x,y,z,...; 

(iii) a collection V2 of collection or sort 2 variables, denoted by initial upper case 
letters A, B,C, .... 

The atomic formulae of 3LQS are defined as follows: 

(1) level atomic formulae: 

• X ^y,ioT x,y e Vq; 

• X e X , ioT X e Vo, X e Vi; 

(2) level 1 atomic formulae: 

• X = Y,ioT X,Y e Vi; 

• X eA, forXe Vi,Ae V2; 

• (Vzi) . . . (Vz„)iy9o: with ipo a propositional combination of level atoms 
and 2i, . . . , z„ variables of sort 0; 

(3) level 2 atomic formulae: 

• (yZi) . . . {\/Z,in)'Pi, where ipi is a propositional combination of level 
and level 1 atoms, and Zi, . . . , Z,„ are variables of sort 1. 

Finally, the formulae of 3LQS are all the propositional combinations of atoms 
of level 0, 1, and 2. 



^ In the paper, variables often come with numerical subscripts. Other types of sub- 
scripts are used in Section [S] for variables denoting sets or collections of sets of 
particular relevance (i.e., Xu, A^,h). 



Semantics of 3LQS A 3LQS -interpretation is a pair Ad — {D,M), where 

— D is any nonempty collection of objects, called the domain or universe of 
Ad, and 

— M is an assignment over variables of 3LQS such that 

• Mx G D, for each individual variable a; G Vq; 

• MX € pow{D), for each set variable X G Vi; 

• MA G pow(pow(£')), for all collection variables A G V2G 

Let 

- Ad — {D,M) be a SLQ-S"- interpretation, 

- a;i,...,a;; G Vo, 

- Xi, . . . , Xra G Vi , 

- Mi,...,Mi G D, 

- Ui,...,U„ie pow(L»), 

By 

A4[xi/Ui, . . . ,Xl/ui,Xi/Ui, . . . ,Xrn/UmA , 

we denote the interpretation AA' — {D, M') such that 

M'xi = Ui , for i = 1, . . . ,1 
M'Xj = f/,, for j = l,...,m 

and which otherwise coincides with Ad on all remaining variables. Throughout 
the paper we use the abbreviations: A^^ for AA[zi/ui, . . . , z„/w„] and A^^ for 
A4[Zi/Ui,...,Z,n/U„,]. 

Definition 1. Let (p be a 3LQS-formula and let AA. — {D,M) be a 3LQS- 
interpretation. We define the notion of satisfiability of (p with respect to Ad 
(denoted by AA \= if) inductively as follows 

1. Ad^x^y iff Mx = My; 

2. Ad\=xeX iff Mxe MX; 

3. Ad\=^X = Y iff MX = MY; 

4. Ai\=X eA iff MX G MA; 

5. Ad\= (yzi) ...{yzn)ipo iff Ad[zi/ui,...,Zn/un]\=po,forallui,...,u„e 
D; 

6. M h (V^i) • • • (VZ„0'/'i iffAd[Zi/Ui, . . . , Z,n/U,n] h fi, for allUi, . . . ,Un & 
pow{D). 

Propositional connectives are interpreted in the standard way, namely 
1. AA ^ (/?i A (/72 iff AA ^ Lp\ and Ad |= p^; 

8. AA ^ (/?i V (/72 iff AA 1= p\ or AA |= ^2; 

9. Ad'^^if iff AAY-if. U 

Let iphea, 3L(55'-formula, if AA \= -0, i.e. AA satisfies tp, then AA is said to be 
a 3LQS-model for tp. A 3LQS-ioTTmi\a is said to be satisfiable if it has a 3LQS- 
model. A SLQiS'- formula is valid if it is satisfied by all 3L els'- interpretations. 



^ We recall that, for any set s, pow(s) denotes the powerset of s, i.e., the collection of 
all subsets of s. 



2.2 Characterizing 3LQS^ 

3LQS is the subcollection of the formulae ip of 3LQS such that, for every 
atomic formula (VZi), . . . , (VZ„i)(pi of level 2 occurring in ip and every level 1 
atomic formula of the form (Vzi) . . . (Vz„)(po occurring in ipi, the condition 

n m 
^^0^ f\\/ Z^e Z, (1) 

is a valid SiQS'- formula (in this case we say that the atom (Vzi) . . . (Vz„)iy9o is 
linked to the variables Zi , . . . , Z^a ) • 

Condition ^ guarantees that, if a given interpretation assigns to zi, . . . , z„ 
elements of the domain that make iy9o false, such values are contained in at least 
one of the subsets of the domain assigned to Zi, . . . , Zm ■ As shown in the proof of 
statement (ii) of Lemma SI this fact is used to make sure that satisfiability is pre- 
served in the finite model. As the examples in Section [5] illustrate, condition ((TJ 
is not particularly restrictive. 

The following question arises: how one can establish whether a given 3LQS- 
formula is a 3^(55 -formula? Observe that condition ([T]) involves no collection 
variables and no quantification. Indeed, it turns out to be a 2iS'-formula and 
therefore one could use the decision procedures in [T2] to test its validity, since 
3LQS is a conservative extension of 2LS. We mention also that in most cases of 
interest, as will be shown in detail in Section [5l condition ([T]) is just an instance 
of the simple propositional tautology -^{A -^ B) -^ A, and therefore its validity 
can be established just by inspection. 

Finally, we observe that though the semantics of 3LQS plainly coincides 
with the one given above for 3 L (55- formulae, nevertheless we will refer to 3LQS- 
interpretations of 3LQS -formulae as 3LQS -interpretations. 

3 Relativized interpretations 

We introduce the notion of relativized interpretation, to be used together with 
the decision procedure of Section |4?2] to construct, out of a model At = (D, M) 
for a 3i/ (55 -formula ip, a finite interpretation A4.* = {D* , M*) of bounded size 
satisfying ip as well. 

Definition 2. Let M = {D, M) he a 3LQS^ -interpretation. Let D* C D, d* G 

D* , and V{ C Vi. The relativized interpretation Re\{Ad, D* , d* ,V{) of Ai with 
respect to D* , d* , and V{ is the interpretation {D*,M*) such that 



M*x 



Mx , if Mx e D* 

d* , otherwise 
M*X = MX n D* 
M*A = {{MAr\vo^{D*)) 

\{M*X : X e V[}) U {M*X : X e V^, MX e MA} . 

a 



The definition of relativized interpretation given above is inspired by the con- 
struction of the finite model described in [T^, [5], and in [5]. We spend some 
words on the intuition behind the definition of M*A. Analogously to M*X, 
M* A is obtained from the intersection of the interpretation of A in Al with 
the power set of the finite domain D* . However, such operation may leave in 
MA n pow(I?*) some sets J such that J = M*X but MX ^ MA. Such J's 
have to be removed from the restricted interpretation of A in order to guarantee 
that satisfiability of f/' is preserved. Further, there also may be some MX £ MA 
such that M*X ^ MA n pow(_D*). Again, to let the restricted model preserve 
satisfiability of i}}, such M*X have to be added to the interpretation of A in the 
restricted model. 

For ease of notation, we will often omit the reference to the element d* e D* 
and write simply Rel(M, D* ,V[) in place of Rel(Al, D*,d*,V[). 

The following satisfiability result holds for unquantified atomic formulae. 

Lemma 1. Let M. = {D,M) be a 3LQS -interpretation. Also, let D* C D, 
d* e D*, andV[ C Vi be given. Let us put M* = Rc\{M, D* ,d*,V[). Then the 
following holds. 

(a) A4* \= X = y iff M. \== x = y, for all x,y ^ Vq such that Mx, My G D* ; 

(b) M.* 1= a; e X iff M. ^ x e X , for all X e Vi and x e Vq such that 
Mx e D*; 

(c) M* t= X = r iff M ^ X = Y , for all X,Y e Vi such that if MX ^ MY 
then {MX AMY) C\D* ^ 0; 

(d) if for all X,Y (^V[ such that MX ^ MY we have {MXAMY)n D* ^ 0, 
thenM*^XeA iff M ^ X e A, for all X e Vi, A eV2U 

Proof. 

Cases (a), (b) and (c) are easily verified. We prove only case (d). To this end, 
assume that for all X,Y eV[ such that MX ^ MY we have {MXAMY)nD* ^ 
0. Let X G V; and A e V2. If MX G MA, then obviously M*X G M*A. On the 
other hand, if MX ^ MA, but M*X G M*A, then we must necessarily have 
M*X = M*Z, for some Z G V{ such that MZ G MA. But then, as MX ^ MZ, 
from our hypothesis we would obtain M*X ^ M*Z, which is a contradiction. 



3.1 Relativized interpretations and quantified atomic formulae 

Satisfiability results for quantified atomic formulae are treated as shown in the 
following. Let us put 



M''* =Re\iM^D*,V[) 

M*'^ = M.*[zi/ui,...,Zn/Ur, 



^ We recall that A denotes the symmetric difference operator defined by sAt = (s \ 
t)U{t\s). 



M^^* - Rel(M^, D*,V[u{Zi,..., Z„}) 



The following lemmas provide useful technical results to be employed in the 
proof of Theorem [1] below. In particular, Lemmas [2] and [31 which are simply 
stated without proof, are used to prove Lemma SI 

Lemma 2. Let ui, . . . , w„ G D* and let zi, . . . , Zn G Vq- Then, for every x G Vo 
and X G Vi we have: 

(i) M*'^x = M^'*a;, 
(ii) M^'*X = M*'^X. 

Lemma 3. Let M = (£>, Af ) be a ?>LQS^ -interpretation, D* C D, V( C Vi, 
^1, . . . , Z™ G Vi \ V[, Ui,...,Ume pow{D*) \ {M*X : X G V(}. 
Then the 3LQS -interpretations A4*' and Al '* coincide. 

Lemma 4. Let At = {D,M) be a 3LQS^ -interpretation. Let D* C D, d* G 

D*, V[ C Vi be given, let M* = Rel(A4, D*,d*,V[). Further, let (Vzi) . . . (Vz„)(/?o 
and (yZi) . . . {yZ.„i)^pi be atomic formulae of level 1 and 2, respectively, such that 
Mx G D* , for every x G Vo occurring in ipo or in ipi. Then we have 

(i) if M.^ (Vzi) . . . (Vz„)(/3o, then M* h (^-^i) ■ • ■ (^Zn)(po; 
(ii) if Ad \= (VZi) . . . (yZjn)'Pi, then Ai* \= (VZi) . . . (yZm)^i, provided that 

• {MX AMY) r\D* ^%, for every X, F G Vi with MX ^ MY, and that 

• there are wi,...,m„ G D* such that A4[ui/ui, . . . , u„/u„] ^ (fQ, for 



every (Vzi) . . . (Vz„)(po riot satisfied by M., and occurring in ipi ^'"'' " 



with Xi , . . . , Xm variables in V( . 
Proof. 

(i) Assume by contradiction that there exist mi, . . . , u„ G I?* such that Al*'^ ^ 
lPq. Then, there must be an atomic formula (^q in Lp^ (either of type x = y 
or X G X) that is differently interpreted in A4*'^ and in M.^ . 
Let us suppose first that ip'^^ is the atom x — y and, without loss of gener- 
ality, that M* '^ ^ a; = y. By Lemma H we have M^'*x ^ M'''*y. Since 
M^'*x = M^x, M^'*y = M^y, and, by hypothesis, M^x = M^y, we obtain 
a contradiction. 

Now let us suppose that Lp^ is the atom x G X and, without loss of generality, 
assume that M*'"" ^ a; G X. By Lemma [H we have M'-'*x ^ M^'*X, that 
is M^x ^ M^X n D* , again a contradiction. 

(ii) Assume, by way of contradiction, that Ai* ^ (yZi) . . .{\/Zm)'Pi- Hence 
there exist C/i, . . . , Um G pow{D*) such that M*'^ ^ fi. 
Without loss of generality, assume that Ui = M*Xi, for 1 < i < fc (fc > 0) for 
some variables Xi, . . . , Xk in V{, and that Uj j^ M*X for all fc + 1 < j < to 
and for all variables X in V(. 



Let ifi be the formula obtained by simultaneously substituting Zi, . . . , Zk 
with Xi, .. ..Xkimpi, and let M.*'^'' = Ad*[Zk+i/Uk+i, ■ ■■ , Zm/Um]- Fur- 
ther, let A4^ be a SLQS* -interpretation differing from A4 only in the 
evaluation oi Zi,...,Zk {M^' Zi = MXi, ..., M^' Zk = MXk). 
Now we can distinguish two cases. 

If A; = TO, then A4*' '' and M.* coincide and a contradiction can be obtained 
by showing that the implications 

hold. Hence, against the hypothesis, we get that M. Y= C^^i) • • • ^Zm)'fi- 
The first implication, Al*' ^ t/Ji => M.* Y= (pi, is plainly derived from the 
definition of (pi. The second one, Al* ^ (^i => A4 Y^ Cpi, can be proved by 
showing that M.* and Al interpret each atomic formula Cp'i occurring in (pi 
in the same manner. 

If Cp'i is an atomic formula of level or an atomic formula of level 1 of type 
X ^Y and X ^ A^ the proof follows directly from Lemma [1] 
If (p'l is an atomic formula of level 1 of type (Vzi) . . . , (Vz„)(y9o, the im- 
plication At 1= (Vzi) . . . (Vz„)i^o ^ M* \= (Vzi) . . . (Vz„)(^o follows from 
statement (i) of the lemma, whereas M* \= (Vzi) . . . (Vz„)(po =^ At |= 
(Vzi) . . . (Vz„)(po can be proved by contradiction as follows. Assume that 
^A. ^ (Vzi) . . . (Vz„)(^o- Then, by hypothesis, there are ui, . . . , m„ in D* such 
that A1[2;i/mi, . . . , 2;„/u„] ^ (^o and, by Lemmas[Tl[21 Al*[2:i/ui, . . . , 2;„/u„] \ 
ipo contradicting our hypothesis. 

The last impHcation, A4 ^ (^i => At^ ^ i^i, is deduced by the definition 
of <fi and of Z' . 

li k < m, the schema of the proof is analogous to the previous case. However, 

since Al*' '' and Al* do not coincide, the single steps are carried out in a 

slightly different manner. Thus, for the sake of clarity we report the proof 

below. 

In order to obtain a contradiction we prove that 

At*'^ ^^1^ M*'^" ^^1^ M^" ^ (^1 ^ At^' ^ ipi 

hold. 

The first implication At*' Y^ (pi ^ At*' '' Y= ^i can be immediately 
deduced from the definition of (pi and of At*' '". The second implication 
Al*' ^ Y^ Cpi ^ A4 ^ Y^ Cpi can be proved by showing that every atomic 
formula (p'l in (pi is interpreted in Al*' '^ and in At '' in the same way. 
The proof is straightforwardly carried out using Lemmas |3] and [1] in case (p'l 
is an atomic formula of level 0, or an atomic formula of level 1 of type X — Y 
and X £ A. 

If (p'l is an atomic formula of level 1 of type (Vzi) . . . (Vz„)(po, 'we first show 
that At^" 1= (Vzi) . . . {\/zn)Lpn implies that At*'^* |= (Vzi) . . . (Vz„)v3o- 
If At^'= h (V^i) ■ • ■ (Vz„)(^o, we have that At^*'* ^ (V^i) • . • (V2„)^o, by (i) 
of the present lemma, and that At*' * \= (Vzi) . . . i\lzn)^o, by Lemma |31 



Now, let us show that Ad*'^"" ^ (Vzi) . . . (Vz„)(y9o imphes that Ad^'' \= 
(Vzi) ...(Vz„)<^o- 

Assume by contradiction that A4 '" ^ (V^i) . . . {Wzn)^o- Then there exist 
wi, . . . , M„ G -D such that Ad '' [zi/ui, . . . , z„/u„] ^ ipo- In particular, by the 
condition -k^q -^ ^f=i '^JLk+i ^i ^ -^i' "^^ derive that wi, . . . , w„ are elements 
of D* . This allows us to apply Lemma [1] and to obtain that Ad '"^'* ^ 
(po- Then, by Lemma [2] we obtain Ad '"*'^ y= ipo and hence Ad *"* ^ 
(Vzi) . . . (Vz„)(/3o- Thus, Lemma [3] yields Al*' *" ^ (Vzi) . . . (Vz„)i^o con- 
tradicting the hypothesis. 

Finally, the third implication, A4 '^ ^ <^i => A^ ^ (ySi is directly derived 
from the definition of (fi and of Z'. ■ 

4 The satisfiability problem for 3XQ5^-formuIae 

In this section we solve the satisfiability problem for 3LQS , i.e. the problem of 
establishing for any given formula of 3LQS whether it is satisfiable or not, as 
follows: 

(a) firstly, we reduce effectively the satisfiability problem for SLQS' -formulae 
to the satisfiability problem for normalized 3LQS -conjunctions (these will 
be defined precisely below); 

(b) secondly, we prove that the collection of normalized SLQS' -conjunctions 
enjoys a small model property. 

From (a) and (b), the solvability of the satisfiability problem for 3LQS follows 
immediately. Additionally, by further elaborating on point (a) , it could easily be 
shown that indeed the whole collection of SLQS' -formulae enjoys a small model 
property. 

4.1 Normalized 3£Q5 -conjunctions 

Let ■0 be a formula of 3LQS and let 4'dnf be a disjunctive normal form of 
ip. Then ip is satisfiable if and only if at least one of the disjuncts of i^dnf is 
satisfiable. We recall that the disjuncts of iJ^dnf are conjunctions of level 0, 1, 
and 2 literals, i.e. level 0, 1, and 2 atoms or their negation. In view of the previous 
observations, without loss of generality, we can suppose that our formula ip is 
a conjunction of level 0, 1, and 2 literals. In addition, we can also assume that 
no bound variable in ip can occur in more than one quantifier or can occur also 
free. 

For decidability purposes, negative quantified conjuncts occurring in -0 can 
be eliminated as explained below. Let At — {D, M) be a model for ■0- Then 
A4 \= -i(Vzi) . . . {\fzn)(po if and only if A4[zi/ui, . . . , z„/u„] \= -^ipo, for some 
Ui,...,Un G D, and Ad \= -'{\fZi) . . . {\/Z,fn)ipi if and only if 
Ai[Zi/Ui, . . . , Zjn/Um] \= ""Pi, for some f/i, . . . , Um G pow(D). Thus, each neg- 
ative literal of type -i(Vzi) . . . (Vz„)(po can be replaced by -1(930)!'' '!r, where 



z'l, . . . , z'^ are newly introduced variables of sort 0. Likewise, each negative literal 
of type -i(V^i) . . . {\/Zm)(pi can be replaced by "'('(Si)^^"'^'", where Z[, . . . , Z'^ 
are newly introduced variables of sort 1. 

Hence, we can further assume that V' is a conjunction of literals of the fol- 
lowing types: 

(1) x = y, -^{x = y),xe X, -^{x e X), X ^ Y, -^{X = F), X G A, -^{X e A); 

(2) (Vzi) . . . (Vz„)(po, where n > and ^po is a propositional combination of level 
atoms; 

(3) (VZi) . . . {\fZrn,)^i, where tti > and ipi is a propositional combination of 
level and level 1 atoms, where atoms of type (Vzi) . . . (Vz„)iy9o in ^i are 
linked to the bound variables Zi , . . . , Zm ■ 

We call such formulae normalized 3LQS -conjunctions. 
4.2 A small model property for normalized 3LQS -conjunctions 



fiability problem for normalized 3LQS -conjunctions only. 

Thus, let '0 be a normalized 3LQS -conjunction and assume that A^ 



In view of the preceding discussion we can limit ourselves to consider the satis- 
fiability problem for nori 

Thus, let '0 be a noi 
{D, M) is a model for 0. 

We show how to construct, out of Al, a finite 3 LQi? -interpretation M.* = 
{D*,M*) which is a model of ip. We proceed as follows. First we outline a 
procedure to build a nonempty finite universe D* C D whose size depends 
solely on ip and can be computed a priori. Then, a finite 3LQS -interpretation 
Ad* = {D* ,M*) is constructed according to Definition [2l Finally, we show that 
M.* satisfies 0. 

Construction of the universe D* . Let us denote by Wo, VVi, and W2 the 
collections of the variables of sort 0,1, and 2 present in 0, respectively. Then we 
compute D* by means of the procedure described below. 

Let ipi, . . . ,ipk be the conjuncts of ip. To each conjunct 0.^ of the form 
(yZii) . . . {\/Zimi)^i we associate the collection ipn^ . . . , ipn. of atomic formu- 
lae of type (2) present in the matrix of ipi and call the variables Zn, . . . , Zim^ 
the arguments of ipn, . . . , ipu-. Then we put 

(p = {ip^j : I <i < k and 1 < j < ii}. 

For every pair of variables X, Y in Wi such that MX ^ MY, let ux.y be 
any element in the symmetric difference of MX and MY and put Ai = {uxy '■ 
X, Y in Wi and MX ^ MY}. If Z\i is constructed applying the procedure Dis- 
tinguish described in [8], it holds that |Z\i| < |VVi| — 1. 

We initialize D* with the set {Mx : a; in Wo} U Z\i. Then, for each ip e <P oi 
the form (Vzi) . . . (Vz„)(y3o having Zi, . . . , Zm as arguments and for each ordered 
m-tuple {Xi-^, . . . ,Xi^) of variables in Wi, if Mipa^^. '■■■' ^"^ — false we insert 
in D* elements mi, . . . , m„ G D such that 
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otherwise we leave D* unchanged. 

From the previous construction it easily follows that 

\D*\ < |>Vo| + |Wi|-l + ((|>Vir"'^™)niaxn)|<?|, (2) 

where max m and max n are respectively the maximal number of quantifiers in 
formulae of level 2 and the maximal number of quantifiers in formulae of level 1 
occurring in quantified formulae of level 2. Thus, in general, the domain of the 
small model D* is exponential in the size of the input formula ip. 



Correctness of the relativization. Let us put Ai* — Rel(Al, -D*, Wi). We 
have to show that, if Ad |= ip, then A^* ^ </>. 

Theorem 1. Let M. he aZLQS -interpretation satisfying a normalized 3LQS - 
conjunction ij} . Further, let AA* = Rel(Al, -D*, Wi) he theSLQS -interpretation 
defined according to Definition [^ where D* is constructed as descrihed ahove, 
and let Wi he defined as ahove. Then AA.* \= ip- 

Proof. 

We have to prove that AA* ^ ip' for every literal ip' in ip. Each ip' is of one 
of the three types introduced in Section [4. II By applying Lemma [T] or 2] to every 
ip' in ip (according to the type of ip') we obtain the thesis. 

Notice that the hypotheses of Lemma [T] and of Lemma 2] are fulfilled by the 
construction of D* outlined above: 

- Mx G D*, for every variable x G Vq. Furthermore, (MX AMY) n D* ^ 
for every X,Y (^ Vi such that MX ^ MY (one just needs to substitute the 
generic set of individual variables Vq with Wo and Vi with Wi); 

— for every atomic formula of type (Vzi) . . . {\/zn)(po occurring in an atomic 
formula of level 2 and such that AA ^ (Vzi) . . . {\fzn)ipo, there are ui, . . . , w„ 
elements of D* such that AA[zi/ui, . . . , 2;„/u„] ^ (po- ■ 

From the above reduction and relativization steps, it is not hard to derive 
the following result: 

Corollary 1. The fragment 3LQS enjoys a small model property (and there- 
fore its satisfiahility prohlem is solvahle). ■ 



5 Expressiveness of the language 3LQS^ 

Several constructs of elementary set theory are easily expressible within the 
language 3LQS^. In particular, as will be shown below, it is possible to express 
with 3 iQ/S -formulae a restricted variant of the set former, which in turn allows 
to express other significant set operators such as binary union, intersection, set 
difference, the singleton operator, the powerset operator and its variants, etc. 
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(1) X = Y, X CY 




{5)^{X = Y), 


<X C Y) 


(2) X = YnZ,X = 


--YUZ 


(6) xex 




(3) X = Y 




(7) -^{x = y) 




(A) X = 0, X = 1 




{8)x^y 





Table 1. 2LS literals. 



More specifically, atomic formulae of type X = {z : f{zy\ can be expressed 



in 3LQS by the formula 



{yz){z e X ^ ip{z)) , 



(3) 



provided that after transforming it into prenex normal form one obtains a for- 
mula satisfying the syntactic constraints of 3LQS . In particular, this is always 
the case whenever (p{z) is any unquantified formula of 3LQS . 

The same remark applies also to atomic formulae of type A = {Z : ip{Z)}. 
In this case, in order for a prenex normal form of 



(VZ)(Z eA^ ip{Z)) 
to be in the language 3LQS , it is enough that 



(4) 



(a) ifii^Z) does not contain any quantifier over variables of sort 1, and 

(b) all quantified variables of sort in (p{Z) are linked to the variable Z as 
specified in condition (P). 

In what follows we introduce the stratified syllogistics 2LS, already men- 
tioned in the introduction, and 3LSSP (Three-Level Syllogistic with Singleton 
and Powerset), and describe their formalization in 3LQS . Then we show how 
to express some other set-theoretical constructs. Finally, in Section 15.41 we in- 
troduce a family of sublanguages of 3LQS having the satisfiability problem 
NP-complete and able to express the modal logic S5. 



5.1 Two-Level Syllogistic 

2LS is a fragment of the elementary theory of sets admitting individual vari- 
ables, X, y,z, . . ., set variables, X, Y, Z, . . ., and the constants and 1 standing 
respectively for the empty set and the domain of the discourse. Terms and for- 
mulae of 2LS are constructed out of variables and constants by means of the set 
operators of union, intersection, and set complementation, the binary relators 
= , G, and C, and the prepositional connectives. 

2LS has been proved decidable in [T^ by a procedure that, taking as input 
a conjunction (p of literals of the forms illustrated in Table [U stops with failure 
in case ip is unsatisfiable, otherwise returns a model for tp. 
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(1) 


yl = 


= B, 


A<ZB 




(4) 


^ = 0, 


A = 


1 




(2) 


A^ 


= BnC, A^ 


--BUC 


(5) 


^{A = 


B), 


^{A 


<^B) 


(3) 


A = 


= A 






(6) 


xeA 









Table 2. 3LS literals. 



(1) X = {x} (2) A = {X} (3) A = pow(X) 



Table 3. Literals with singleton and powerset set operators. 



Every literal from Table [T] can readily be expressed as a formula of 3LQS . 
Indeed, X = y is an atomic formula of level 1 of 3LQS , whereas X C Y can 
be expressed by the quantified atomic formula (Vz)(z G X -^ z G F) of level 1. 
X = Y U Z can be translated into the formula (Vz)((z eY\/z£Z)<r^zeX) 
and X = Y n Z into (Vz)((z eYAzeZ)^ze X). X = Y can be expressed 
by (Vz)(z G X <->■ ^(z G Y)). Literals of type X = and X ~ 1 are translated 
in the atomic formulae of level 1 (Vz)^(z G X) and (Vz)(z G X), respectively. 
Literals of 2LS of type (6), (7), and (8) are just atomic formulae of 3LQS of 
level 0. 



5.2 Three Level Syllogistic with Singleton and Powerset 

3LSSP is the sublanguage of 3LSSPU not involving the set theoretic construct 
of general union. It can be obtained from 2LS by extending it with a new sort of 
variables A,B,C, . . ., ranging over collections of sets. Furthermore, besides the 
usual set theoretical constructs, 3LSSP involves the set singleton operator {■} 
and the powerset operator pow. 

3LSSP can plainly be decided by the decision procedure presented in [6] for 
the whole 3LSSPU. 

All formulae in Tables [5] and [3] are readily expressible by Si Q^ -formulae. 
For instance, A = B can be translated into the 3LQS -iormula, {\/Z){Z G A O 
Z € B) oi level 2, whereas AC B can be formalized as (VZ)(Z € A^ Z e B). 
The literals A^ BnC and A ^ BUC ca.n he translated into (VZ)(Z e A <^ 
{Z G BAZ G C)) and (VZ)(Z G A o (Z G B\/Z G C)), respectively. ^ = B can 
be expressed by (yZ){Z G A o -^{Z G B)). Literals of type A = and A = 1 
can be expressed by the formulae {VZ)^{Z G A) and (VZ)(Z G A), respectively. 
Literals of type (6) are just atomic SLQ'S' -formulae of level 1. 

The singleton of level 1, X — {x}, is expressed by the atomic formula (Vz)(z G 
X ^ z — x) oi level 1, whereas the singleton of level 2, A — {X}, is translated 
into the formula (VZ)(Z e A <r^ Z = X) oi level 2. Finally, the powerset of 
a set X, A = pow{X), is translated into the formula (p = {\IZ\Z G A O 
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(yz){z ^ Z ^ z ^ -^))- It is easy to check that (p satisfies the restriction on 
quantifiers introduced in Section 12.21 In fact, putting Lp^ = [z ^ Z ^^ z <^ X) 
and considering that the general expression AiLi Vj'li ^i ^ ^j i^ this case just 
reduces to z G Z, we have that the condition ^(^o -^ Kl^x ViLi ^i £ '^i is 
instantiated to-i(zGZ— j-zgX)— !>zG^, which is an instance of the 
tautological schema ^(A — ^ _B) — > A. 

5.3 Other set theoretical constructs expressible in 3LQS 

Other constructs of set theory are expressible in the 3LQS formalism. 

For instance, the literal A ~ pow<^(X), where pow<^(X) denotes the collec- 
tion of all the subsets of X having at most h distinct elements, can be expressed 
in 3LQS^ as 

(VZ)(z e A o ((Vz)(z ez ^zeX) 

A(Vzi)...(Vz„+i)(Af+i'z, ez 

Likewise, the literals A = pow^^(X) and A = pow^^(X), where pow^;j(X) and 
pow^;j(JY') denote, respectively, the collection of subsets of X with less than h 
elements and the collection of subsets of X with exactly h distinct elements, can 
be expressed in an analogous way. 

In the formalization oi A — pow<^(X) given above, the restriction on quan- 
tifiers of Section [22] is satisfied. This can easily be verified for both conjuncts 

ipi = (Vz)(z e Z ^ z e X), and 

(^2 EE (Vzi) . . . (Vz.+i)(At\' ^. e ^ ^ -(AS A .ti,,^. -{^^ = ^,)))- 

The verification of the validity of condition ((1} for ipi is identical to the one 
shown for the formula considered in the previous paragraph. Thus we just check 
its validity for Lp2. 

One just needs to put ip^ = Ai=i Zi ^ Z ^ ~'(A/=i Aj=ij^i ~'(^i = ^j)) and 

observe that A^^i V"li ^i ^ ^j is just A/=i ^i ^ ^- Thus -^ipo -^ Ar=i V"li ^i ^ 
Zj is just the formula 

h+l h+l h+l h+l 

^{f\z,eZ^^{f\ f\ ^{z, = z,)))^ f\z,eZ 

2—1 2—1 j — lj^i i—1 

which again is plainly an instance of the propositional tautology -^{A — ;> i?) — > A. 
The Cartesian product A = Xi (8) . . . ® Xn can be formalized by the "iLQS^- 
formula 

(VZ)(z e A o ((Vzi) . . . (Vz„)(Ati z,^z^ ALi ^« e Xi) 
A(Vzi)...(Vz„+i)(Ar=i'2. e^ 
^-(Ar=M;;i,,^.-(^. = ^,)))))- 

Even in this case, condition ([1]) on quantifiers is satisfied as well. This can 
be checked for both the conjuncts 
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(Vzi) . . . (Vz„)(Ati z, e Z ^ ALi 2* e X.), and 

(vzi) . . . (vz„+i)(ArJ"/ z. G ^ -^ -(Ar=i' a;;i.,^. -(^. = ^.))) 

just as in the previous examples. 

Another interesting variant of the power set is the pow*(Xi, . . . , X„), which 
denotes the coUection 

n 

{Z : Z C [j X, and Z n X^ ^ ill, for aU 1 < i < n} 

1=1 

introduced in 0]. The hteral A — pow*(Xi, . . . , X„) is expressed in 3LQS by 

(VZ)(Ze Ao 

((Vz)(z ez^ze V-Li 2 e ^^) A A-Li -(Vz)(z e z ^ -z g x,)). 

Also with this formula one can verify that the restriction on quantifiers is 
satisfied by checking the subformulae: 

(Vz)(zeZ^ze VHi^eX,), 

(Vz)(z e Z -> -iz G Xi), for i = 1, . . . ,n. 

5.4 Other applications of 3iQS^^ 

In this section we introduce a family {{3LQS^)'^}h>2 of sublanguages of SLQS'^, 
each having the satisfiability problem N P-complete. Then, in Section 15.41 we 
illustrate how the modal logic S5 can be expressed by the language {3LQS )^. 
Formulae in {3LQS Y^ must satisfy several syntactic constraints, as speci- 
fied in Definition |3] below, that are crucial to establish N P-completeness of the 
satisfiability problem for the language, specifically to show that it is in NP. First 
of all, the length of all quantifier prefixes occurring in a formula of {2>LQS )^ 
must be bounded by the constant h. Thus, given a satisfiable (3-L(55^)''-formula 
(fi and a 3 L (55 -model Al = (-D, M) for it, from Theorem [T] it follows that (p is 
satisfied by the relativized interpretation Al* — {D*,M*) of M. with respect 
to a domain D* having its size bounded as specified in ©. Since max to and 
maxn occurring in ^ are bounded by the constant /i, it follows that the bound 
expressed in ^ is polynomial in the size of Lp. The other syntactic constraints 
on (3L(3S'^)''-formulae are introduced to deduce that M*A C pow^ ,j(_D*), for 
any free variable A of sort 2 in c^, so that the model M.* can be guessed in non- 
deterministic polynomial time in the size of iy9, and the fact that Al* actually 
satisfies ip can be verified in deterministic polynomial time. This is enough to 
prove that the satisfiability problem for (3^(5.5 )''-formulae is in NP. 

Definition 3 ((3L(5S' )''-forniulae). Let ip be a 3LQS -formula and let Ai, . . . , 
be all the variables of sort 2 occurring in it. Then p is a {3LQS )^ -formula, with 
h >2, if it has the form 

& A ^„j, A V'l A . . . A V-p A X , 
where 
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1. ^u = (Vz)(z e Xu) 

i.e., Xu is the (nonempty) universe of discourse; 

2. Uh ^ (VZ) (Z e A^.n o (Vzi) . . . (Vz,) (Ati z. ^ Z ^ Vt=i,.<.- ^^ = ^^■)) 
i.e., ^Itt,/! = pow^^(Xt/) (together with formula ^u)', 

3. i/., = (VZ)(Z €A,^Z^ A^j,), fori = l,.. . ,p; 

i.e., Ai C poWjr,j(Xt/), for i = 1, . . . ,p (together with formulae ^u and ^ttJi); 
4- X '^s a propositional combination of 

(a) quantifier-free atomic formulae of any level, 

(h) quantified atomic formulae of level 1 of the form 

(^zi) . . . (Vz„)(po , 

with n <h, 
(c) quantified atomic formulae of level 2 of the form 

(VZi) . . . (VZ„)((Zi e A^j, A . . . A Z„ e A^j,) -^ (^i) , 

where m < h and ipi is a propositional combination of quantifier-free 
atomic formulae and of quantified atomic formulae of level 1 satisfying 



(4-b) above. 

Next we give the following complexity result on {3LQS )'^. 

Theorem 2. The satisfiability problem for {iLQS )^ is NP-complete. 

Proof. NP-hardness of our problem can be proved by reducing an instance of 
the satisfiability problem for propositional logic to our problem. 
We prove that our problem is in NP reasoning as follows. Let 

V' = Ct/ A i^^h A V-i A . . . A V'p A X (5) 

be a satisfiable (SLQi? )''-formula, and let iJ^ be a set of formulae defined as 
follows. Initially, we put 

H^ := {Cc/,^7r,?i,'0i,---,V'p,x} 

and then, we modify H^ according to the following five rules, until no rule can 
be further applied: 

Rl: if e = — Ci is in i?^, then H^ = [H^ \ {£}) U {6}, 

R2: if ^ = ^1 A ^2 (resp., ^ = -i(^i V ^2)) is in H^ (i.e., ^ is a conjunctive 
formula), then we put H^ := {H^ \ {f}) U {^1,6} (resp., H^p := (H^p \ 

U})u{-6,-6}), 

R3: if ^ = 'fi Vf2 (resp., £_ = -'(■Ci A^2)) is in 7f^ (i.e., ^ is a disjunctive formula), 
then we choose a ^i, i G {1, 2}, such that H^ U {^i} (resp., H^ U {-'6}) is 
satisfiable and put 7f<p := (-ff^^VUDulCJ (resp., iJ.^ := {H^\{0)^{^^^}), 

R4: if e = -(Vzi) . . . (Vz„)(^o is in H^, then H^ := iH^\{0)'J{^i^o)ll::.:Z}, 
where zi, . . . ,z„ are newly introduced variables of sort 0, 
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R5: ife = -(VZi)...(VZ™)(piisinH^,theni7^:-(i/^\{e})u{-((pi)f;;;;;;|;;;}, 

where Zi , . . . , Z^a are new variables of sort 1 . 

It is easy to see that the above construction terminates in ©([(/jj) steps. Let us 
put V = AcGH^ t Clearly 

(a) f/' is a satisfiable (SLQ^* )''-forniula, 

(b) IV-I = O(l^l), and 

(c) •(/; -^ (^ is a valid SLQS' -formula. 

In the light of (a)-(c) above, to prove that our problem is in NP, we only have 
to construct in nondeterministic polynomial time a ZLQS -interpretation and 
show that we can check in polynomial time that it actually satisfies '(/'. 

Let M = (D.M) be a 3Lg5'^-model for iP and let M* = {D*,M*) be 
the relativized interpretation of M. with respect to a domain D* , hence such 
that |D*| = 0{\ip\^+'^), since V is a (3Lg5'^) ''-formula (cf. Theorem [U and the 
construction described in Sections 14.21 and ^ . 

In the light of the remarks just before Definition [3l to complete our proof we 
just have to verify that 

— M*A C pow^;j(_D*), for any free variable A of sort 2 in i/j (which entails 
that \M*A\ = 0{\D*\^)), and 

— M.* \= ^ can be verified in deterministic polynomial time. 

The first statement can easily be checked making the following considerations. 
By the formula ^tt,/!., we have that M*^^^^ — pow^f^{D*). Concerning the other 
AiS of sort 2 occurring in ip, we just have to notice that "0 must contain a conjunct 
tpi associated to Ai that, together with ^^^^ ensures that M* Ai C pow^,j(D*). 
The proof of the second statement follows from the fact that each quantified 
subformula of ip has the quantifier prefix bounded by h and that each quantified 
formula of level 2 has its quantified variables of level 1 ranging in pow^;j(_D*). 

Hence the satisfiability problem for (SLQS )''-formulae is in NP, and since 
it is also NP-hard, it follows that it is NP-complete. 

In the next section we will show how the 3LQS fragment can be used to for- 
malize the modal logic S5. 

Formalization of S5 in 3LQS Let us start with some preliminary notions 
on modal logics. The modal language Lm is based on a countably infinite set 
of propositional letters V = {pi,p2, ■ ■ ■}, the classical propositional connectives 

'-i', 'A' , and 'V', the modal operators 'D', '0' (and the parentheses). Lm is the 
smallest set such that V C Lm, and such that ii ip,ip S Lm, then -k^, ip Aip, 
if V -0, Oip, Of e Lj\/. Lower case letters like p denote elements of V and Greek 
letters like ip and tp represent formulae of Lm- Given a formula ip of Lm, we 
indicate with SuhF{if) the set of the subformulae of p. 

A normal modal logic is any subset of Lm which contains all the tautologies 
and the axiom 

K : U{pi -^ P2) -^ (Dpi -^ Up2) , 
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Axiom 


Schema 


Condition on R 


T 


Dp — >• p 


Reflexive 


5 


Op -^ D(}p 


Euclidean 


B 


p^ aop 


Symmetric 


4 


Dp -5> DDp 


Transitive 


D 


ap-^Op 


Serial: {\/w)(3u)R{w,u) 



Table 4. Axioms of normal modal logics 



and which is closed with respect to modus ponens, substitution, and necessitation 
(the reader may consult a text on modal logic like [3] for more details). 

A Kripke frame is a pair (W, R) such that VF is a nonempty set of possible 
worlds and i? is a binary relation on W called accessibility relation. If R{w, u) 
holds, we say that the world u is accessible from the world w. A Kripke model is 
a triple (W, R, h), where {W, R) is a Kripke frame and /i is a function mapping 
propositional letters into subsets of W. Thus, h{p) is the set of all the worlds 
where p is true. 

Let K = {W, R, h) be a Kripke model and let w be a world in K . Then, for 
every p G V and for every <p, ^ S Lm, the relation of satisfaction |= is defined as 
follows: 

— KjW \^ p iS w (z h(p); 

— K ,w \= ip W ^ iS. K ^w \^ Lp OT K ^w \= ip] 

— K,w \= Lp /Xij: \E K ,'w \= ip and K,w ^ ^; 

— K,w\= -^ip \E K,w ^ (/?; 

— K,w ^ \2lp iff K, w' (= (p, for every w' G W such that {w, w') G R; 

— K,w \= ()tp iff there is a w' G W such that {w, w') E R and K, w' \= ip. 

A formula p is said to be satisfied ed w in K ii K , w \^ p>; p> is said to be valid 
in K (and we write K \= p) , ii K , w \= ip, for every w G W . 

The smallest normal modal logic is K, which contains only the modal axiom K 
and whose accessibility relation R can be any binary relation. The other normal 
modal logics admit together with K other modal axioms drawn from the ones in 
Table m 

In this paper we analyze the modal logic S5 which is the strongest normal 
modal system. It can be obtained from the logic K in several ways. One of them 
consists in adding axioms T and 5 from Table [3] to the logic K. Given a formula 
ip, a Kripke model K = {W,R,h), and a world w e W, the semantics of the 
modal operators can be defined as follows: 

— K ,w \= Dpi iS K ,v \^ p>, for every v € W , 

— K,w \= ()p! iS. K ,v 1= p, for some v G W . 

This makes it possible to translate a formula Lp of S5 into the 3LQS language. 

For the purpose of simplifying the definition of the translation function tss 

given below, the concept of "empty formula" is introduced, to be denoted by A, 

and not interpreted in any particular way. The only requirement on A needed 
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for the definition given next is that A A tp and tp A A are to be considered as 
syntactic variations of -0, for any SLQ/S -formula '0- 

For every propositional letter p, let r^^ip) = X^, where X^ G Vi, and let 
Tgg : S5 -> 3LQS be the function defined recursively as follows: 

-ri,ip)^A, 

- ri,h^) = {yz){z e xl^ O -.{z e xl)) A Ti,{^), 

- t|5((^i A^2) = (Vz)(z e Xi^^^, O (z e Xi^ Az e X^^J)ATi,{^i)ATi,{^2), 

~ t|5((^i v^2) = (Vz)(z e Xi^v^. ^ (^ e ^^1 vz e X^^^))ATi,{^i)ATi,{^2), 
{yz){z e xl) ^ (Vz)(z e X^^) A -(Vz)(z G xl) ^ (Vz)-(z G 

-(Vz)-(z G xl) ^ (Vz)(z G Xi^) A (Vz)-(z G X^) ^ (Vz)-(z G 
XI^)AtU^), 

where yl is the empty formula and Xi^,Xi,Xi^;^^^,Xi^vv2'^vi'^V2 ^ "^i- 
Finally, for every ip in S5, if (/? is a propositional letter in V we put rssi^p) = 

■^55 (v), otherwise ts5((^) = t|5(^). 

Even though the accessibility relation R is not used in the translation, we 

can give its formalization in the 3LQS fragment by introducing the collection 

variable Aji and the following related formulae: 

- tAi - (VZ)(Z gAr^Ze A,3), 

- Xl = {yZ)iZ G A,,3 

^ (Z G Ai^ O (Vzi)(Vz2)(Vz3)((;zi G Z A Z2 G Z A Z3 G Z) 

-^ (Zl = Z2 V Z2 = Z3 V Zl = Z3)). 

Clearly rssiip) and the formulae above belong to 3LQS and, in particular, to 
{3LQS )^. Correctness of the above translation is guaranteed by the following 
lemma. 

Lemma 5. For every formula ip of the logic S5, if is satisfiable in a model 
K — (VF, i?, h) iff there is a 3LQS -interpretation satisfying x G X^. □ 

Proof. Let w be a world in W. We construct a SLQ-S -interpretation A4 = 
(W, M) as follows: 

- Mx — w, 

- MXp ~ h{p), where p is a propositional letter and X^ — TS5(p), 

- Mrssiip) — true, for every tp G SuhF{ip), where tp is not a propositional 
letter. 
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To prove the lemma, it would be enough to show that K,w \= (p iS M \^ x ^ X^. 
However, it is more convenient to prove the following more general property: 

Given a w ^ W , if y (zVq is such that My — w, then 
K.w^^iffM^y^Xl 
which we do by structural induction on ip. 

Base case: If (/s is a propositional letter, by definition, iT, w ^ (/3 iff w G h{ip). 

But this holds iff My e MX^,, which is equivalent to M ^ y e X^. 
Inductive step: We consider only the cases in which ip — Di/) and p = (}ip, as 

the other cases can be dealt with similarly. 

— li (f = Otp, assume first that K,w ^ Dip. Then K,w ^ ip and, by induc- 
tive hypothesis, Af \= y e X^. Since M \= Ts5(nV'), it holds that M \= 
(Vzi)(zi e X^) -^ (Vz2)(z2 G X^^). Then we have M[zi/w, zs/w] h 
(zi e X^) -^ (z2 € ^ni;) ^'^^j since My = w, we have also that 
M \= {y G X\) —> {y E ^[jih)- By the inductive hypothesis and by 
modus ponens we obtain M |= y G X^<, as required. 

On the other hand, if _ftr,w ^ Dtp, then K ,w ^ ^ and, by inductive 
hypothesis, M ^ y e X^. Since M \= TS5{^^p), then M \= -.(Vzi)(zi G 
-^^) ~^ (Vz2)^(22 G X^.). By the inductive hypothesis and some predi- 
cate logic manipulations, we have Af \= -^{y G X\) -^ -^{y G X^,), and 
by modus ponens we infer Af ^ -i(y G Xq , ), as we wished to prove. 

— Let (p = OV" and, to begin with, assume that K^w ^ OV'- Then, there 
is a w' such that K,w' \= ip, and a y' G Vo such that My' = w' . Thus, 
by inductive hypothesis, we have Af ^ y' G X\ and, by predicate logic, 
Af \= -.(Vzi)-.(zi G X^). By the very definition of Af, Af |= ts5(0^) 
and thus M |= ^(Vzi)-i(zi G X^^) -> (Vz2)(z2 G X^^). Then, by modus 
ponens we obtain Af |= (Vz2)(2:2 G X}^^) and finally, by predicate logic, 
Mhy& Xl^. 

On the other hand, if fsT, w ^ OV', then if, w' ^ 'ijj, for any w' G W and, 
since w' — My' for any y' G Vo, it holds that M ^ y' E X\ and thus, 
by predicate logic, Af ^ (V2i)-i(zi G X}p). 

Reasoning as above, Af |= (Vzi)-i(zi G X^) -^ (Vz2)~'(22 G -'^Oi/j) ^^'^' 
by modus ponens, Af |= (Vz2)-'(2;2 G ^OV"-^' Fi'^^llyi ^y predicate logic, 
Af ^ y G X}^^, as required. 

It can be checked that tsb{'P}) is polynomial in the size of p) and that its satis- 
fiability can be verified in nondetcrministic polynomial time since the formula 
£,w A ^,r,3 A i/'i A (xi A rs5(<p)), where S^w denotes W, and the other conjuncts 
are as defined above, belongs to {3LQS )^. Consequently, considering that S5 
was proved NP-complete in [M], the decision algorithm presented in this paper 
together with the translation function introduced above can be considered an 
optimal procedure (in terms of its computational complexity class) to decide the 
satisfiability of any formula ip of S5. 
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6 Conclusions and future work 

We have presented the three-sorted stratified set-theoretic fragment 3LQS and 
have given a decision procedure for its satisfiability problem. Then, we singled out 
a family of sublanguages oiSLQS^, {{3LQS^)'^}h>2, characterized by imposing 
further constraints in the construction of the formulae, we proved that each 
language in the family has the satisfiability problem NP-complete, and we showed 
that the modal logic S5 can be formalized in {3LQS )^. 

Techniques to translate modal formulae in set theoretic terms have already 
been proposed in [I] , in the context of hyperset theory, and in jll] in the ambit 
of weak set theories not involving the axiom of extensionality and the axiom of 
foundation. 

We further intend to study the possibility of formulating non-classical logics 
in the context of well-founded set theory constructing suitable extensions of the 
3LQS fragment. In particular, we plan to introduce in our language a notion 
of ordered pair and the operation of composition for binary relations. 

We also plan to extend the language so as it can express the set theoretical 
construct of general union, thus being able to subsume the theory 3LSSPU. 
Another direction of future investigations concerns n-sorted languages involving 
also constructs to express ordered n-uples of individuals. 
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